downgrade-root
Comparing version 1.1.0 to 1.2.2
17
index.js
@@ -6,8 +6,17 @@ 'use strict'; | ||
module.exports = function () { | ||
if (isRoot() && process.setuid) { | ||
var uid = parseInt(process.env.SUDO_UID, 10) || defaultUid(); | ||
if (uid && uid > 0) { | ||
process.setuid(uid); | ||
if (isRoot()) { | ||
// setgid needs to happen before setuid to avoid EPERM | ||
if (process.setgid) { | ||
var gid = parseInt(process.env.SUDO_GID, 10); | ||
if (gid && gid > 0) { | ||
process.setgid(gid); | ||
} | ||
} | ||
if (process.setuid) { | ||
var uid = parseInt(process.env.SUDO_UID, 10) || defaultUid(); | ||
if (uid && uid > 0) { | ||
process.setuid(uid); | ||
} | ||
} | ||
} | ||
}; |
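Review bot: The new privilege drop never clears supplementary groups: the block calls `process.setgid(gid)` and then `process.setuid(uid)`, but nothing in the hunk calls `process.setgroups` or `process.initgroups`, so a process that started as root can keep root's group memberships after the uid changes. Adding `if (process.setgroups) { process.setgroups([gid]); }` just before `process.setgid(gid);` would close that. Separately, `gid` has no fallback the way `uid` has `|| defaultUid()`, so when `SUDO_GID` is unset the process changes uid but keeps gid 0; that case needs either a default gid or a comment stating it is accepted. `isRoot` and `defaultUid` are defined outside the hunk, so their behaviour is assumed here.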
{ | ||
"name": "downgrade-root", | ||
"version": "1.1.0", | ||
"version": "1.2.2", | ||
"description": "Try to downgrade the permissions of a process with root privileges", | ||
@@ -16,3 +16,3 @@ "license": "MIT", | ||
"scripts": { | ||
"test": "node test.js" | ||
"test": "ava" | ||
}, | ||
@@ -40,4 +40,4 @@ "files": [ | ||
"devDependencies": { | ||
"ava": "0.0.4" | ||
"ava": "*" | ||
} | ||
} |
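Review bot: The devDependency range `"ava": "*"` accepts any future ava release, so whatever is newest at install time runs under `npm test` on maintainer and CI machines, and a breaking or compromised release would be picked up without any change in this repository. A bounded range such as `"ava": "^<tested-version>"` (placeholder for the version the tests were actually run against), together with a committed lockfile, keeps test runs reproducible. This affects only installs that include devDependencies, not consumers of the package.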
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
New author
Supply chain risk: A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
Environment variable access
Supply chain risk: Package accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package